CLAIMS

What is claimed is: 

1. A method in a distributed system, comprising the steps of:

downloading code from a server;

determining a set of constraints to implement secure communication with
the server; and

using secure code to verify that the downloaded code will enforce the set
of constraints when the downloaded code is used to communicate with the
server.

2. The method of claim 1, further comprising the step of:

using the downloaded code to invoke a method on the server, wherein the
downloaded code enforces the set of constraints on the server.

3. A method in a distributed system for ensuring trustworthiness of a first
proxy, comprising the steps of:

downloading the first proxy containing code for communication purposes;

using the first proxy to obtain a second proxy containing code for
communication purposes;

determining whether the second proxy is trustworthy by using a
trustworthiness verification routine;

determining whether a server is trustworthy by using the second proxy
when it has been determined that the second proxy is trustworthy;

requesting the server to determine whether the first proxy is trustworthy by
using the second proxy when it has been determined that the server is
trustworthy; and

using the first proxy to invoke a method on the server when it has been
determined that the first proxy is trustworthy, that the second proxy is
trustworthy, and that the server is trustworthy.

4. The method of claim 3, wherein the requesting step further comprises the
substeps of:

receiving a trust verifier routine from the server;

receiving codebase information and signer information for the trust
verifier from the server;

determining whether the trust verifier routine is trustworthy using
the codebase information and the signer information; and

when it has been determined that the trust verifier routine is
trustworthy, using the trust verifier routine to determine whether the
first proxy is trustworthy.

5. A method for establishing trust in a proxy containing code downloaded
from a server, comprising the steps of:

determining whether the proxy is an instance of a trusted proxy class;

verifying at least one component of the proxy when it has been
determined that the proxy is an instance of the trusted proxy class, wherein the
verifying step comprises the substeps of:

verifying trust in an invocation handler of the proxy;

determining whether the proxy has an activator; and

verifying the trustworthiness of the activator, when it has been
determined that the proxy has an activator; and

using the proxy to invoke a method on the server when it has been
determined that the proxy is an instance of the trusted class and the at least one
component of the proxy has been verified successfully.

6. A method for establishing trust in a proxy containing code downloaded
from a server, comprising the steps of:

determining whether the proxy is an instance of a trusted proxy class;

verifying at least one component of the proxy when it has been
determined that the proxy is an instance of a trusted proxy class, wherein the
proxy has an invocation handler and a plurality of socket factories, and wherein
the verifying step comprises the substeps of:

obtaining the invocation handler from the proxy;

testing whether the invocation handler is an instance of a secure
invocation handler class;

comparing a class of each socket factory of the invocation handler
to a list of trusted socket factory classes;

setting an error flag if the class of any socket factory of the
invocation handler does not match the list of trusted socket factory classes;

determining whether the proxy has an activator; and

authenticating the activator, when it has been determined that the
proxy has an activator, wherein the authenticating step further includes the
substeps of:

obtaining an activator verifier from the server;

using the activator verifier to determine whether the activator
is trusted by the server; and

setting the error flag, when it is determined that the activator
is not trusted by the server; and

using the proxy to invoke a method on the server when the error flag is not
set and when it has been determined that the proxy is an instance of the trusted
class.
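
The verification sequence of claim 6, as an added Java example that is not part of the patent text. It assumes the proxy is a java.lang.reflect.Proxy dynamic proxy; Service, SocketFactory, Activator, ActivatorVerifier, SecureHandler and the factory classes are hypothetical names, and the sample proxies are constructed.

```java
import java.lang.reflect.*;
import java.util.*;

public class ProxyTrustCheck {
    // Hypothetical stand-ins for the claim's terms; none come from the patent.
    interface Service { String ping(); }
    interface SocketFactory {}
    interface Activator {}
    interface ActivatorVerifier { boolean isTrusted(Activator a); }
    static final class TlsSocketFactory implements SocketFactory {}
    static final class PlainSocketFactory implements SocketFactory {}

    // The "secure invocation handler class": local, final, exposes its parts.
    static final class SecureHandler implements InvocationHandler {
        final List<SocketFactory> factories;
        final Activator activator; // null when the proxy has no activator
        SecureHandler(List<SocketFactory> f, Activator a) { factories = f; activator = a; }
        public Object invoke(Object proxy, Method m, Object[] args) { return "pong"; }
    }

    static final Set<Class<?>> TRUSTED_FACTORIES = Set.of(TlsSocketFactory.class);

    // Runs in local, trusted code. Returns true only if the error flag stays clear.
    static boolean verify(Object proxy, ActivatorVerifier fromServer) {
        if (!Proxy.isProxyClass(proxy.getClass())) return false; // trusted proxy class (assumed)
        InvocationHandler h = Proxy.getInvocationHandler(proxy);
        if (!(h instanceof SecureHandler)) return false;
        SecureHandler sh = (SecureHandler) h;
        boolean error = false;
        for (SocketFactory f : sh.factories) // exact class match, so a subclass cannot pass
            if (!TRUSTED_FACTORIES.contains(f.getClass())) error = true;
        if (sh.activator != null && !fromServer.isTrusted(sh.activator)) error = true;
        return !error;
    }

    static Service proxyWith(List<SocketFactory> f, Activator a) {
        return (Service) Proxy.newProxyInstance(Service.class.getClassLoader(),
                new Class<?>[] { Service.class }, new SecureHandler(f, a));
    }

    public static void main(String[] args) {
        ActivatorVerifier rejectAll = a -> false; // constructed stand-in for the server's verifier
        Service[] samples = { // constructed sample proxies
            proxyWith(List.of(new TlsSocketFactory()), null),
            proxyWith(List.of(new TlsSocketFactory(), new PlainSocketFactory()), null),
            proxyWith(List.of(new TlsSocketFactory()), new Activator() {}) };
        for (Service s : samples)
            System.out.println(verify(s, rejectAll) ? "trusted: " + s.ping() : "rejected");
    }
}
```

The method on the service is invoked only for the proxy that passes every check; the proxy carrying an untrusted socket factory and the proxy whose activator the verifier rejects are never used.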

7. A distributed system comprising:

a server computer, comprising:

a memory with a service; and

a processor that runs the service; and

a client computer, comprising:

a memory with a proxy that facilitates use of the service, a client
program that invokes a method of the service using the proxy, and a secure
verifier that can be used to verify that the proxy will enforce security constraints
when communicating with the service; and

a processor that runs the client program.

8. The distributed system of claim 7, wherein the server computer and the 
client computer communicate via the Internet. 

9. The distributed system of claim 7, wherein the server computer and the 
client computer communicate via a local area network.

10. The distributed system of claim 7, wherein the security constraints are set 
by the client program. 

11. The distributed system of claim 7, wherein the security constraints are set
by the servi

12. A computer-readable medium containing instructions for controlling a data
processing system to perform a method in a distributed system, the method
comprising the steps of:

downloading code from a server;

determining a set of constraints to implement secure communication with
the server; and

using secure code to verify that the downloaded code will enforce the set
of constraints when the downloaded code is used to communicate with the
server.

13. The computer-readable medium of claim 12, wherein the method further
comprises the step of:

using the downloaded code to invoke a method on the server, wherein the
downloaded code enforces the set of constraints on the server.



14. A computer-readable medium containing instructions for controlling a data
processing system to perform a method in a distributed system, the method
comprising the steps of:

downloading the first proxy containing code for communication purposes;

using the first proxy to obtain a second proxy containing code for
communication purposes;

determining whether the second proxy is trustworthy by using a
trustworthiness verification routine;

determining whether a server is trustworthy by using the second proxy
when it has been determined that the second proxy is trustworthy;

requesting the server to determine whether the first proxy is trustworthy by
using the second proxy when it has been determined that the server is
trustworthy; and

using the first proxy to invoke a method on the server when it has been
determined that the first proxy is trustworthy, that the second proxy is
trustworthy, and that the server is trustworthy.